gs101-sepolicy: Fix avc denial for sysfs_vendor_sched

Fix mediaprovider_app and bluetooth Bug: 190563839 Bug: 190563916 Test: build pass Change-Id: I477325ee812d1362db4d5005e999cba989a44216
2021-06-10 11:30:11 +08:00 · 2021-06-10 11:30:11 +08:00 · 797b646234
commit 797b646234
parent 22fae537b5
6 changed files with 15 additions and 9 deletions
--- a/gs101-sepolicy.mk
+++ b/gs101-sepolicy.mk
@ -37,3 +37,6 @@ BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/wifi_sniffer

 # Wifi Logger
 BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/wifi_logger
+
+# Public
+PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs101-sepolicy/public
--- a/private/mediaprovider_app.te
+++ b/private/mediaprovider_app.te
@ -0,0 +1,2 @@
+dontaudit mediaprovider_app sysfs_vendor_sched:dir search;
+
--- a/public/file.te
+++ b/public/file.te
@ -0,0 +1,7 @@
+# Vendor sched files
+type sysfs_vendor_sched, sysfs_type, fs_type;
+userdebug_or_eng(`
+    typeattribute sysfs_vendor_sched mlstrustedobject;
+')
+type proc_vendor_sched, proc_type, fs_type;
+
--- a/tracking_denials/bluetooth.te
+++ b/tracking_denials/bluetooth.te
@ -1,2 +0,0 @@
-# b/190563916
-dontaudit bluetooth sysfs_vendor_sched:dir search;
--- a/whitechapel/vendor/google/bluetooth.te
+++ b/whitechapel/vendor/google/bluetooth.te
@ -0,0 +1,3 @@
+allow bluetooth sysfs_vendor_sched:dir search;
+allow bluetooth sysfs_vendor_sched:file w_file_perms;
+
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@ -134,13 +134,6 @@ type vendor_camera_tuning_file, vendor_file_type, file_type;
 type vendor_camera_data_file, file_type, data_file_type;
 type sysfs_camera, sysfs_type, fs_type;

-# Vendor sched files
-type sysfs_vendor_sched, sysfs_type, fs_type;
-userdebug_or_eng(`
-    typeattribute sysfs_vendor_sched mlstrustedobject;
-')
-type proc_vendor_sched, proc_type, fs_type;
-
 # GPS
 type vendor_gps_file, file_type, data_file_type;
 userdebug_or_eng(`
				`@ -0,0 +1,2 @@`
				`dontaudit mediaprovider_app sysfs_vendor_sched:dir search;`